Methods for finding the IP address of a downloaded virtual machine

If you’re working on a challenge, vulnerable VM or CTF, you probably won’t know its IP address and won’t be able to get it with ifconfig because generally login credentials are not disclosed. So this is a basic tutorial on how to “guess” the IP address of a downloaded virtual machine that has DHCP enabled.

If you’re a seasoned pentester/bug bounty hunter/CTFer, this blog post is clearly not for you. It is addressed to anyone starting in InfoSec, whether you’re trying a first boot2root challenge or preparing for a job interview.

Why am I choosing this topic? Because everybody has to start somewhere. In my last corporate job, I created an intentionally vulnerable VM to assess the experience and technical level of applicants for a pentester job. The only information they had was that the VM has DHCP enabled, and their task was to find the maximum number of vulnerabilities.
To my surprise, many of them did not know where to start and asked for the IP address of the VM or the login credentials!

Getting your attack machine’s IP address

Here is how to retrieve your IP address (i.e. the IP address of your attack VM):

Method 3: Port scanning all your network

If you want to be sure, you can also port scan your whole network. This is the easiest but slowest method, since you’re checking every host on your network for open ports.
Intentionally vulnerable VMs will generally have more open ports than your own attack or desktop machines:
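The "more open ports" heuristic above, as an added example that is not part of the original post: it reads scan results saved in nmap's grepable format (-oG), skips your own address and ranks the remaining hosts by their number of open ports. The sample scan, its addresses and the function names are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample in nmap's grepable (-oG) output format; all addresses are made up.
SAMPLE_SCAN = (
    "# Nmap scan of 192.168.56.0/24 (constructed sample)\n"
    "Host: 192.168.56.1 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)\n"
    "Host: 192.168.56.100 ()\tPorts: 67/filtered/tcp//dhcps///\n"
    "Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh///, 5900/open/tcp//vnc///\n"
    "Host: 192.168.56.102 (target.lab)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 445/open/tcp//microsoft-ds///, 3306/closed/tcp//mysql///\n"
    "Host: 192.168.56.103 ()\tStatus: Up\n"
)

HOST_LINE = re.compile(r"^Host: (\S+) \([^)]*\)\t(.*)$")


def open_ports_by_host(grepable):
    """Return {ip: sorted [(port, proto), ...]} for every host record in the scan."""
    hosts = {}
    for line in grepable.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comment lines and anything that is not a host record
        ip, rest = match.groups()
        ports = hosts.setdefault(ip, set())
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue  # "Status: Up" and "Ignored State: ..." carry no port list
            for entry in field[len("Ports: "):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.split("/")
                if len(parts) >= 3 and parts[0].isdigit() and parts[1] == "open":
                    ports.add((int(parts[0]), parts[2]))
    return {ip: sorted(ports) for ip, ports in hosts.items()}


def rank_candidates(grepable, own_ips=()):
    """Hosts with at least one open port, most open ports first, own machines skipped."""
    skip = {str(ip_address(ip)) for ip in own_ips}
    ranked = [(ip, ports) for ip, ports in open_ports_by_host(grepable).items()
              if ip not in skip and ports]
    return sorted(ranked, key=lambda item: (-len(item[1]), ip_address(item[0])))


if __name__ == "__main__":
    for ip, ports in rank_candidates(SAMPLE_SCAN, own_ips=["192.168.56.1"]):
        listing = ", ".join(f"{port}/{proto}" for port, proto in ports)
        print(f"{ip:<16} {len(ports)} open: {listing}")
```

Hosts that report only closed or filtered ports drop out of the ranking, so the downloaded VM should normally be the first entry.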